formats

Welcome to News & Events

Published on December 20, 2011, by in Industry News.

Welcome to The Fraud Practice’s FraudBlog; your source for updates on current events, commentary and best practices related to the eCommerce CNP payments and fraud industry.

Be sure to signup to see all of our content to include our free monthly FraudBlog Newsletter.

 
formats

Dyre Malware Picks Up Where Zeus Left Off

Since the takedown of the Zeus botnet in June 2014 fraudsters have moved to a new malware of choice, known as Dyre, which also seeks to obtain online banking credentials by mimicking hundreds of different financial institutions worldwide, including 70 in the United States. The malware can infect IE, Chrome and Firefox users, and infections continue to grow, particularly in the U.S. and Europe.

The Dyre malware is primarily spread via spam emails containing a malicious attachment. Often these are made to look like fax or voicemail messages, but take the user to download a reconnaissance downloader tool known as Updatre, which was also used with the Gameover Zeus malware. Security firm Symantec first detected the Dyre malware in June 2014 following the shutdown of the Gameover Zeus Botnet. Detections of the Dyre malware spiked two months later in August and has continued at increased levels since. According to Trend Micro there were 9,000 Dyre infections in Q1 2015, up from 4,000 in Q4 2014. Over 39 percent of these infections came from users in Europe while 38 percent occurred in North America during Q1 2015.

Read More

 
formats

Most U.S. Merchants Will Not Make EMV Deadline and Less than Half of Small Businesses Have Any Plans To

According to a recent report from Javelin Strategy & Research, up to 75 percent of merchants in the United States will not be EMV compliant by the October 15th deadline. Many major retailers have already started implementing EMV terminals but smaller merchants are much further behind and many have no plans to catch up. A survey commissioned by Intuit in late April found that only 42 percent of small businesses plan to make the switch to EMV.

At the end of 2014 the EMV adoption rate among U.S. merchants was 7.3 percent. As many large retailers have invested in upgrading their payment terminals this figure has climbed in the first half of 2015, but only about one-in-four merchants are expected to be EMV compliant by the liability shift date, according to Javelin. Javelin also estimates that the total cost to upgrade to EMV will be $8.7 billion across merchants and financial institutions. While many large and enterprise organizations have already started this transition, there are several signs that smaller merchants and issuers are lagging behind.

Read More

 
formats

MasterCard Forms New Partnerships to Proliferate Use of Tokens

MasterCard seeks to solidify their place as a premier token service provider as they recently formed partnerships with Synchrony Financial and Citi Retail Services to support tokenization for several private label payment cards. The card association also announced plans to expand token services for mobile and eCommerce merchants with recurring billing and card-on-file programs.

These issuer-based tokens are what are used with Apple Pay, Android Pay and Samsung Pay. The merchant never receives the actual payment card information, and neither does their processor. Rather they are provided with a token which the card association can connect to the card issuer for authorization, and as a result the merchant can receive an authorizations response and process the transaction without needing to possess or transmit the 16 digit Primary Account Number (PAN).

Read More

 
formats

Taxpayer Data Stolen from IRS Used to File Up to $39 Million in Fraudulent Returns

Published on June 25, 2015, by in Data Breach.

Between February and May fraudsters used compromised consumer information to obtain more detailed tax payer data via the IRS’s “get transcripts” web service for consumers. The IRS estimates there were 200,000 unauthorized attempts or lookups to gain access to copies of previous year tax returns, more than half of which were successful, leading to as much as $39 million in fraudulently claimed tax refunds.

The IRS has taken measures to make tax information more accessible to legitimate taxpayers, but fraudsters will try to take advantage of these features and services as well. IRS Inspector General J. Russell George led an audit of the IRS’ interactive computer applications in March which identified many areas in which the IRS “could better protect taxpayer data.” The audit included 44 recommendations which have not yet been implemented.

Read More

 
formats

Samsung Disables Windows Updates Leaving PCs Vulnerable

Many Samsung laptop users have recently found, or may still be unaware, that software from Samsung is disabling Microsoft’s automatic Windows Updates, leaving these devices susceptible to attacks and vulnerabilities that may have been preventable. Even if users disable the Samsung software and manually turn Windows Updates back on, the computer will revert back to blocking Windows Updates once it is rebooted.

Disabling Windows Updates, or at least attempting to, is a fairly common tactic across many types of malware. This prevents the user from being prompted or automatically having updates and patches installed that will reduce the infected machine’s vulnerability to this and other strands of malware. Samsung, however, may be the first legitimate hardware manufacturer to intentionally disable Windows Updates.

Read More

 
formats

Critical Capabilities that can Enable Custom Modeling Solutions to Improve Business Intelligence

Real-time custom modeling can enhance Business Intelligence capabilities leading to not only improved risk detection, but an overall better understanding of your customers and business, which benefits other areas of the business outside of risk management. Many of the capabilities and features to look for when building or buying custom modeling solutions for risk management also contribute to the ancillary benefits a risk-focused custom modeling solution may offer in other departments or groups, such as marketing and front-end or user experience analytics.

This feature article from The Fraud Practice specifically discusses the critical capabilities organizations should build or look for if they want to leverage custom modeling solutions for effective Business Intelligence, both as it pertains to risk management and other aspects of a business.

Read More

 
formats

Facebooks Leads the Way, But Many Social Media Platforms DriveTraffic and Sales

The top 500 online retailers in terms of site traffic from social media earned $3.3 billion in revenue from social shopping in 2014 while a popular eCommerce platform shows that many of its small and medium merchant clients are increasing site visits and volume through multiple social media apps and sites as well. If you doubted the significance of social media in driving web traffic and sales, these figures from Internet Retailer, Shopify and Business Insider may convince you otherwise.

Including desktop and mobile access, social media drove 1.5 percent of eCommerce web traffic in the first quarter of 2015. While this seems quite low in comparison to the 16 percent of eCommerce web traffic from paid search and 34 percent from organic search, traffic referrals from social media are in a period of steep growth as social contributed just 0.5 percent of eCommerce web traffic in the first quarter of 2014. This represents a year-over-year change of 200% for social driven web traffic, meanwhile traffic from emails, organic search and paid search fell by 4 percent, 8 percent and 20 percent, respectively.

Increasing traffic is one thing, but as merchants continue to shift more advertising dollars to social platforms they want to know how that translates to sales.

Read More

 
formats

Growing Mobile Traffic Underscores Importance of Mobile Friendly Sites and Apps

According to data from comScore, 13 percent of U.S. Internet users that visited retailers online did so only using mobile devices, including both mobile web and mobile apps. Meanwhile nine out of the ten largest online retailers in North America are seeing at least one-third of their digital traffic in the mobile channel, and at least 50 percent of digital traffic is from smartphones or tablets for five of the top ten. With the increase in mobile-only Internet users and total mobile traffic across all Internet users, it is as important as ever for organizations to leverage mobile optimized sites and/or mobile apps as sales conversion tools.

While mobile traffic is continuing to grow there is still a significant disparity between conversion rates in traditional eCommerce and the mobile channels. Multiple studies show that tablets tend to have conversion rates closer to that of computer-based eCommerce, but smartphones lag far behind. For example, data from Monetate’s Q4 2014 eCommerce Quarterly estimates the global conversion rate for traditional, desktop- or laptop-based, eCommerce is 3.41 percent compared to 2.86 percent on tablets and 0.92 percent on smartphones.

Read More

 
formats

Two More Social Sites Add Buy Buttons to their Platform

Social sharing sites Pinterest and Instagram each announced new features to reduce friction and convert more users into customers by adding buy buttons and other calls-to-action directly within advertisements or posted content on their respective mobile apps. Rather than follow links to start checkout directly on a merchant’s site, users will be able to make and complete purchases or signup for services without leaving the Pinterest or Instagram mobile apps.

Instagram and Pinterest are popular apps and websites that millions of users enjoy for sharing and browsing photos and interesting products or websites, and many businesses leverage these platforms to build their brand and awareness of products or services they offer. While these have been great sources for merchants to get users onto their websites, now they will also be able to leverage ways to allow Pinterest and Instagram users to complete purchases more easily.

Read More

 
formats

Mitek Systems Acquires IDchecker for $10.6 Million

Mitek, who specializes in mobile onboarding and capturing solutions, announced they would be acquiring identity document verification provider IDchecker for $10.6 million. Mitek owns several patents related to mobile imaging technology used for mobile deposits and other applications for financial institutions but will now incorporate photo verification of identity and other documents following the acquisition of IDchecker.

While Mitek already had 21 patents issued, the acquisition of IDchecker will bring more. The patented algorithms and techniques behind IDchecker’s FACELINK facial recognition technology will complement the suite of services Mitek already provides to 3,700 financial institutions utilizing their Mobile Deposit services. In addition to the auto capture patent and facial recognition technology IDchecker brings, the acquisition makes Mitek’s ID verification capabilities and global presence more robust as their global ID document coverage expands to over 3,500 document types worldwide.

Read More

 
© The Fraud Practice LLC 2012